Because addons like FoxyProxy literally ruin the anonymity the TBB provides, by changing the fingerprint provided, they shouldn’t be used with it. To prevent this from happening, as a lot of people simply don’t know this/don’t care about this, the team behind the TBB apparently decided to attempt to prevent the installation of addons with version 6.0. Seemingly, this doesn’t extend to updated installation.
However, that doesn’t make using FoxyProxy, AdBlock Plus, etc. any less harmful to the anonymity provided.
Torbutton provides a lot of fingerprinting mitigation besides what addon set you are running. While its true the the TBB fingerprint changes with foxyproxy installed, the trade-off is negligible compared to running a stock browser exposing everything.
Standalone Torbutton has been deprecated a long time. Noscript on its own cannot recreate the many custom patches done by the TBB team all over the Firefox codebase. These prevent fingerprinting of many things about your system even if you must enable JS.
The link from above actually gives you access to the newest version, uploaded not even three days ago. Had copied the wrong link before and apperantly the forum displayed the change a bit to late for you to see it, as my post doesn’t even show the “edited-symbol”.
That’s where Tor Browser comes in. We produce a web browser that is preconfigured to help you control the risks to your privacy and anonymity while browsing the Internet. Not only are the above technologies disabled to prevent identity leaks, the Tor Browser also includes browser extensions like NoScript and Torbutton, as well as patches to the Firefox source code. The full design of the Tor Browser can be read here. In designing a safe, secure solution for browsing the web with Tor, we’ve discovered that configuring other browsers to use Tor is unsafe.
Obviously you are right there, but most of the other anonymity protection asside from TorButton and NoScript comes from the fingerprint which, after installing FoxyProxy is already lost completley. The changes in source code, metioned at The Design and Implementation of the Tor Browser [DRAFT] are in most cases only a factor when having NoScript deactivated. They contain things like stopping removing WebRTC, tracking of the used hardware, etc. which all are already non issues anymore when using NoScript.
The link in my post is one hosted at torproject.org, the official source. Like mentioned, for some reason you apparently saw a version I never sent away with a wrong URL and where able to quote it, even though it not having been sent or later edited…
This discussion has taken place in several threads and while the standing recommendation is to use TBB whenever possible, IIUC the debate has not been concluded definitively.
The big problem is that while TBB does the most to protect your browser fingerprint, just by virtue of using TBB with a non-Tor exit node, you are placing yourself into a very small subset of TBB users. (Even more so now.) Can’t comment on TBB + i2p usage, but certainly for using TBB + socks5, that would be a very small minority of users. If you combine that with visiting a relatively light traffic destination, you may be just as pseudonymous as if you had used Iceweasel - only with a false sense of security. Perhaps, it’s better to be purely pseudonymous from the beginning with Iceweasel and design your browsing strategy around that… Since TBB itself is recognizable, you’ll be less conspicuous using Iceweasel.
With the extremely high accuracy of fingerprinting techniques used today (of hardware and user behavior) you stand no chance of mixing in. Trackers will pinpoint you out with 100% certainty every click without TBB.
Its still better to take your chances mixing into a small group of Whonix users who use TBB + FoxyProxy with socks5 webproxies than completely sacrificing the pseudoanonymity left given by the setup of this tiny minority.
But rather uses all the data to create a value based on them which is unique to you allowing tracking and fingerprinting. And, as far as I’m informed, such a value is freshly created when installing FoxyProxy. So, even if many TBB users use FoxyProxy with it, that doesn’t mean they are just a part of a smaller group. By design, they’d be unique then.
Hasn’t that been the reason why, despite many developers having tried to do so, there has been no way to protect from fingerprinting and tracking without giving many people a predifined and identical value like the TBB does? Like I’ve said, if this is fundamentally wrong I’m sorry, but that is what I’ve been reading time and time again.
That’s my point. The alternative to not using TBB is: Don’t try to mix in with the tiny group of Whonix+TBB+proxy users that raise eyebrows wherever they go. Instead, create a new VM, assume a new identity, and be that identity.
Information about what plugins you have installed is a very small part of it compared to the mountain of information that any other browser but TBB leak. Patrick gives more details if you are interested.
Please post your source for this information. AFAIK the plugin is Free Software and does not spy on its users.